Anatomy of a digital ad fraud: Rapidfire counterfeit operation netted $US10 million a month
A five-person ‘RapidFire’ counterfeit operation, made up of former ad tech industry employees, generated $US10 million in monthly ad-fraud revenue, by exploiting vulnerabilities in the Connected TV (CTV) programmatic landscape.
Australian services, along with those in the US, Canada and the UK were affected.
CTV is an emerging sector of the digital ad market. In the US is estimated to be worth $US12 billion.
The anatomy of this ad fraud is detailed in a new report by Method Media Intelligence (MMI) titled CTV/OTT Research Report.
Ad fraudsters tend to follow the money and CTV represents an increasingly lucrative target-rich environment. Indeed, with a three percent margin of error, MMI estimates that 50 percent of all of the CTV traffic made available for auction in exchanges is counterfeit.
Digital ad fraud is a burgeoning global market that has tracked the rise of the programmatic digital ad buying ecosystem over the last two decades.
Estimates of the scale of the problem vary. Independent researchers such as Juniper Research have forecast it could reach over $US40 billion by the middle of the decade.
Adtech industry executives often dispute this and typically suggest the real figure is closer to $US10 billion. However, critics of Juniper's estimate offer little evidence for their assertion.
The Internet Advertising Bureau IAB, which represents ad tech vendors and digital publishers, does not commit publicly to a number given the opaque nature of the subject, a somewhat ironic position since the catch cry of digital advertising advocates over the last 20 years is that anything that can’t be measured can’t be managed.
How the fraud works
CTV allows advertisers to directly reach specific audiences in a market worth approximately $12 billion in the US.
The way the system should work is that when an individual or household begins streaming an episode of ad-supported programming, the app sends out bid requests for all designated ad-breaks for the entirety of the programming, according to the report.
“For example, if you are using a streaming app, and you are watching a 30-minute television show, that’s 22 minutes of content, with eight minutes of advertisements broken into four ad-breaks, for a total of 16 thirty-second video ads. In this scenario, the app will send out ad-requests for all 16 ad impressions at the beginning of the stream. All filled impressions will have the video ad creatives delivered to the ad-stitching server (SSAI) before the first ad break. This helps the streaming app ensure a seamless viewing experience for the user, with little to no lag between the content, the ads, and back to the content. And this all ideally happens within 300-500 milliseconds.”
No bot or app is required to monetise fraudulent traffic, according to MMI. Instead, they say, “Since exchanges have API’s for sellers to pass the bid-requests in JSON format, the most efficient, while highly unethical, way to generate ad-revenue is to automate the sending of JSON bid-requests with a Python script that systematically alternates the parameters passed. These have often been referred to as “Phantom Ad-Requests.”
“Since the ad-creative is not intended to be delivered to a consumer device, but rather an ad-stitching server, there is no clear signal back required to confirm render or pixel display viewability (no client-side measurement or confirmation).”
The term “RapidFire” reflects the speed at which this process can be sent to the ad-stitching server.
Traditional ad-verification technology has limited utility against the fraud as it typically relies on flagging invalid user-agents and IP addresses via the bid-stream, according to MMI.
With no client-side measurement or confirmation for the number of ads passed through, the HyperCast team was able to inflate the number of ad-requests sent.
According to MMI, the team studied the transaction mechanics of the servers including latency, requests, and lost bid opportunities to maximise the speed at which they can operate.
Utilising a sophisticated cash flow system, HyperCast also employed invoice factoring services and a global network of clients.
Its five team members had worked in ad-tech, management, and open-RTB and were able to craft a highly profitable counterfeiting operation, according to MMI.
“The key is to operate as a “network” or “aggregator” to provide a degree of separation from the traffic source,” MMI says.
HyperCast’s main “clients” are western ad-exchanges where they provide US, CA, UK, AU traffic.
Speaking to iTnews Digital Nation earlier this month, before this report was released, Shailin Dhar, CEO of MMI, acknowledged the difficulties in navigating these challenges from the perspective of a marketer.
“If you look at the educational background of most people in marketing these days, it is some sort of social science, communications, marketing, maybe even advertising specifically, but very rarely is it computer science, or web programming or anything like that,” he told Digital Nation.
Gartner VP and analyst Lizzy Foo Kune who features in the same Digital Nation mini-documentary said that organisations that are effectively tackling the wider issue of ad fraud, are bringing a variety of disciplines together.
“They are bringing together identity and access management. They're bringing their infrastructure and cyber security teams to the table, alongside legal and compliance, customer experience, marketing, customer support, finance, and increasingly fraud analysts and data scientists that specialise in some of the more advanced techniques to identify and potentially mitigate fraud,” says Foo Kune.